Lucene search
K

178 matches found

CVE
CVE
added 2026/06/25 1:12 p.m.11 views

CVE-2026-57429

CVE-2026-57429 is associated with the WordPress plugin Slim SEO (versions ≤ 4.6.2). The vulnerability is described as Broken Access Control in the available connected documents (Patchstack listing and CVE records). Public details in the connected sources confirm the affected software/component an...

6.5CVSS5.8AI score0.00248EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 9:30 p.m.7 views

EUVD-2026-36960

Unauthenticated SQL Injection in SpeakOut! Email Petitions = 4.6.5 versions...

9.3CVSS5.7AI score0.00296EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/15 8:18 p.m.6 views

CVE-2026-42655 WordPress Best Payments Plugin for WP plugin <= 4.6.19 - Payment Bypass vulnerability

Unauthenticated Bypass Vulnerability in Best Payments Plugin for WP = 4.6.19 versions...

5.9CVSS5.2AI score0.00249EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 4:54 p.m.7 views

EUVD-2026-36742

Mastodon is a free, open-source social network server based on ActivityPub. In versions there is a missing condition in the check if remote accounts consented to be featured in a remote Collection could lead to attackers bypassing the check and faking consent. An attacker could forge the...

7.5CVSS5.4AI score0.00167EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/10 8:39 p.m.31 views

CVE-2026-53739 Yoast Duplicate Post through 4.6 Cross-Site Request Forgery via duplicate_post_dismiss_notice

Yoast Duplicate Post through 4.6 contains a cross-site request forgery vulnerability in the duplicatepostdismissnotice handler, which verifies no nonce or capability. Attackers can trick any authenticated user into sending a request that sets the duplicatepostshownotice site option, suppressing...

5.1CVSS0.00104EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.10 views

CVE-2026-52778

YesWiki is a wiki system written in PHP. Prior to version 4.6.6, an unsafe execution vulnerability exists in the Bazar form field calculator CalcField.php of YesWiki. The application attempts to sanitize user-defined mathematical formulas using a complex recursive regular expression before passin...

9.8CVSS6AI score0.00561EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.11 views

CVE-2026-41497

PraisonAI is a multi-agent teams system. Prior to version 4.6.9, the fix for PraisonAI's MCP command handling does not add a command allowlist or argument validation to parsemcpcommand, allowing arbitrary executables like bash, python, or /bin/sh with inline code execution flags to pass through t...

9.8CVSS6AI score0.00541EPSS
Exploits2References1
Cvelist
Cvelist
added 2026/05/22 1:52 p.m.21 views

CVE-2025-32751

Dell PowerFlex Manager, versions =4.6.2, contains an Insecure Storage of Sensitive Information vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access to sensitive information...

5.5CVSS0.00102EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/22 1:2 p.m.25 views

CVE-2025-32747

Dell PowerFlex Manager, versions =4.6.2, contains an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges...

5.3CVSS0.0009EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/11 1:58 p.m.10 views

EUVD-2026-28639

PraisonAI MCP tools/call path-traversal = RCE via Python .pth injection...

9.6CVSS5.8AI score0.00619EPSS
Exploits1References2
CVE
CVE
added 2026/05/08 1:37 p.m.22 views

CVE-2026-44339

Summary: A vulnerability in PraisonAI’s tool resolution allows undeclared main callables to be invoked through tool-call name manipulation. Prior to versions 4.6.37 (PraisonAI) and 1.6.37 (PraisonAIagents), unresolved tool names were resolved against module globals and main when the declared tool...

8.6CVSS5.8AI score0.00363EPSS
Exploits1References1Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/05/08 1:35 p.m.8 views

CVE-2026-44338

PraisonAI is a multi-agent teams system. From version 2.5.6 to before version 4.6.34, PraisonAI ships a legacy Flask API server with authentication disabled by default. When that server is used, any caller that can reach it can access /agents and trigger the configured agents.yaml workflow throug...

7.3CVSS5.8AI score0.26799EPSS
Exploits3References2Affected Software1
Cvelist
Cvelist
added 2026/05/08 1:35 p.m.38 views

CVE-2026-44338 PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated workflow execution

PraisonAI is a multi-agent teams system. From version 2.5.6 to before version 4.6.34, PraisonAI ships a legacy Flask API server with authentication disabled by default. When that server is used, any caller that can reach it can access /agents and trigger the configured agents.yaml workflow throug...

7.3CVSS0.26799EPSS
Exploits3References1
EUVD
EUVD
added 2026/05/08 1:23 p.m.10 views

EUVD-2026-28595

PraisonAI is a multi-agent teams system. Prior to version 4.6.9, the fix for PraisonAI's MCP command handling does not add a command allowlist or argument validation to parsemcpcommand, allowing arbitrary executables like bash, python, or /bin/sh with inline code execution flags to pass through t...

9.8CVSS6.3AI score0.00541EPSS
Exploits2References2
Cvelist
Cvelist
added 2026/05/08 1:23 p.m.29 views

CVE-2026-41497 Incomplete fix for CVE-2026-34935: Command Injection in MervinPraison/PraisonAI

PraisonAI is a multi-agent teams system. Prior to version 4.6.9, the fix for PraisonAI's MCP command handling does not add a command allowlist or argument validation to parsemcpcommand, allowing arbitrary executables like bash, python, or /bin/sh with inline code execution flags to pass through t...

9.8CVSS0.00541EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.20 views

PT-2026-39003

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 4.6.34 Description The Model Context Protocol MCP server in PraisonAI contains a path traversal flaw in its file-handling tools. The server registers four tools by default: 'praisonai.rules.create',...

9.6CVSS6.3AI score0.00619EPSS
Exploits1References11
EUVD
EUVD
added 2026/05/07 5:8 a.m.27 views

EUVD-2026-28312

YesWiki is a wiki system written in PHP. Prior to version 4.6.1, YesWiki bazar module contains a SQL injection vulnerability in tools/bazar/services/EntryManager.php at line 704. The $data'idfiche' value sourced from $POST'idfiche' is concatenated directly into a raw SQL query without any...

8.8CVSS5.8AI score0.00342EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/03 12:0 a.m.17 views

PT-2026-39005

Name of the Vulnerable Software and Affected Versions PraisonAI versions 2.5.6 through 4.6.33 Description PraisonAI ships a legacy Flask API server that has authentication disabled by default due to hard-coded AUTH ENABLED = False and AUTH TOKEN = None variables in the api server.py file. This...

7.5CVSS6AI score0.26799EPSS
Exploits3References65
ATTACKERKB
ATTACKERKB
added 2026/05/02 11:33 a.m.8 views

CVE-2026-6525

IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.4...

5.5CVSS5.8AI score0.00181EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/04/30 11:3 p.m.6 views

EUVD-2026-26462

RDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution...

7.8CVSS5.8AI score0.00161EPSS
Exploits1References2
Rows per page
Query Builder